// by default, grants any permission associated with this policy $evaluation.grant();
When you create a resource server, Keycloak creates a default configuration for your newly created resource server.
The default configuration consists of:
A default protected resource representing all resources in your application.
A policy that always grants access to the resources protected by this policy.
A permission that governs access to all resources based on the default policy.
The default protected resource is referred to as the default resource and you can view it if you navigate to the Resources tab.
This resource defines a
urn:my-resource-server:resources:default and a
/*. Here, the
URI field defines a
wildcard pattern that indicates to Keycloak that this resource represents all the paths in your application. In other words,
when enabling policy enforcement for your application, all the permissions associated with the resource
will be examined before granting access.
Type mentioned previously defines a value that can be used to create typed resource permissions that must be applied
to the default resource or any other resource you create using the same type.
The default policy is referred to as the only from realm policy and you can view it if you navigate to the Policies tab.
Lastly, the default permission is referred to as the default permission and you can view it if you navigate to the Permissions tab.
This permission is a resource-based permission, defining a set of one or more policies that are applied to all resources with a given type.
Changing the Default Configuration
You can change the default configuration by removing the default resource, policy, or permission definitions and creating your own.
The default configuration defines a resource that maps to all paths in your application. If you are about to write permissions to your own resources, be sure to remove the Default Resource or change its